chore(deps): update nuget non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
Altinn.ApiClients.Dialogporten	1.76.2 -> 1.77.0
Blazor.Bootstrap (source)	3.3.1 -> 3.4.0
Microsoft.AspNetCore.Authentication.Cookies (source)	2.2.0 -> 2.3.0
Microsoft.AspNetCore.Authentication.JwtBearer (source)	8.0.8 -> 8.0.19
Microsoft.AspNetCore.Authentication.OpenIdConnect (source)	8.0.8 -> 8.0.19
Microsoft.AspNetCore.Cors (source)	2.2.0 -> 2.3.0
Microsoft.AspNetCore.OpenApi (source)	8.0.8 -> 8.0.19
Microsoft.IdentityModel.Protocols.OpenIdConnect	8.0.2 -> 8.13.1
ScottBrady.IdentityModel	4.0.0 -> 4.1.0
ScottBrady.IdentityModel.AspNetCore	2.1.0 -> 2.2.0
Swashbuckle.AspNetCore	6.4.0 -> 6.9.0

---

Release Notes

altinn/dialogporten (Altinn.ApiClients.Dialogporten)

v1.77.0

Features

• webapi: Make Status nullable when creating dialogs (#​2623) (24de98c)

Bug Fixes

• webapi: Use correct URL for create dialog validators in docs (#​2624) (abd4484)

Miscellaneous Chores

• deps: update docker/metadata-action action to v5.8.0 (#​2615) (2072bce)
• deps: update otel/opentelemetry-collector-contrib docker tag to v0.131.1 (#​2616) (fdcd46a)

vikramlearning/blazorbootstrap (Blazor.Bootstrap)

v3.4.0: 3.4.0

✨ New Features & Enhancements

• Grid: Added support for showing/hiding or adding/removing GridColumn at runtime (#​1027, #​1060)
• Grid: Conditional rendering of GridColumn improvements (#​310)
• Grid: Footer support and ability to add grid footers (#​472, #​921)
• Grid: Column width example added (#​1099)
• Grid: Grid summary and culture updates (#​1071, #​1072, #​1075)
• Grid: Enum filters support (#​1073)
• Grid: FilterTextboxWidth can now use any unit, not just px (#​879, #​1058)
• Grid: Improved pagination, item selection, and items-per-page handling on small screens (#​1019, #​1123)
• Tabs: Setting Tab Class or Style is now functional (#​1035, #​1028)
• Tabs: Removing a Tab now makes the nearest one show (#​1033, #​1029)
• Sidebar: Image display support on sidebar/sidebar2 (#​812, #​1128)
• Icons: Updates and fixes in BootstrapIconUtility (#​1086)
• Demos: Home page improvements (#​1096)
• General: Ability to modify column visibility using IsVisible parameter (#​1060)

🐞 Bug Fixes

• Grid: Responsive="true" was not responsive when Enum Filters enabled (#​1028, #​1124)
• Grid: Removing last item from last page did not navigate to new last page (#​689, #​1059)
• Grid: Conditional rendering of GridColumn issues (#​310)
• Grid: Issue with grid summary updates (#​1072)
• Grid: Items selection, pagination, and display issues on small screens (#​1019, #​1123)
• Grid: How to set Grid page number when current page is empty (#​443)
• Grid: FilterTextboxWidth now consistently applies units (#​879, #​1058)
• Tabs: Setting Tab Class/Style issues fixed (#​1035, #​1028)
• Tabs: Removing a Tab now correctly shows the nearest tab (#​1033, #​1029)

⬆️ Upgrades

• Upgraded to Bootstrap v5.3.7 (#​1118, #​1120)
• Upgraded to Bootstrap Icons v1.13.1 (#​1119, #​1121)

🧩 Other Notable Improvements

• Improved documentation and demo coverage.
• Sidebar image support (area-sidebar, area-sidebar-2).
• Numerous merged PRs and community contributions for feature completion and bug fixes.

New Contributors

• @​rajraku made their first contribution in https://github.com/vikramlearning/blazorbootstrap/pull/1058
• @​cpettit-proxsysrx made their first contribution in https://github.com/vikramlearning/blazorbootstrap/pull/1102
• @​shargon made their first contribution in https://github.com/vikramlearning/blazorbootstrap/pull/1111

Special thanks to all contributors for their efforts and dedication to making BlazorBootstrap more robust and feature-rich!

Full Changelog: vikramlearning/blazorbootstrap@v3.3.1...v3.4.0

dotnet/aspnetcore (Microsoft.AspNetCore.Authentication.JwtBearer)

v8.0.19

v8.0.18: .NET 8.0.18

Release

What's Changed

• Update branding to 8.0.18 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/62241
• [release/8.0] Update Alpine helix references by @​github-actions in https://github.com/dotnet/aspnetcore/pull/62243
• [release/8.0] (deps): Bump src/submodules/googletest from 04ee1b4 to e9092b1 by @​dependabot in https://github.com/dotnet/aspnetcore/pull/62201
• [8.0] Delete src/arcade directory by @​akoeplinger in https://github.com/dotnet/aspnetcore/pull/61994
• [Backport 8.0] [IIS] Manually parse exe bitness (#​61894) by @​BrennanConroy in https://github.com/dotnet/aspnetcore/pull/62037
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/62006
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/61944
• [release/8.0] Associate tagged keys with entries so replacements are not evicted by @​github-actions in https://github.com/dotnet/aspnetcore/pull/62247
• [release/8.0] Block test that is failing after switching to latest-chrome by @​github-actions in https://github.com/dotnet/aspnetcore/pull/62284
• backport(net8.0): http.sys on-demand TLS client hello retrieval by @​DeagleGross in https://github.com/dotnet/aspnetcore/pull/62290
• Merging internal commits for release/8.0 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/62302

Full Changelog: dotnet/aspnetcore@v8.0.17...v8.0.18

v8.0.17

Bug Fixes

• Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy (#​61623)
  The Forwarded Headers Middleware now ignores X-Forwarded-Headers sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence the forwarded headers, preventing potential spoofing or misrouting of requests.

Dependency Updates

• Update dependencies from dotnet/arcade (#​61832)
  This update brings in the latest changes from the dotnet/arcade repository, ensuring that ASP.NET Core benefits from recent improvements, bug fixes, and security patches in the shared build infrastructure.

• Bump src/submodules/googletest from 52204f7 to 04ee1b4 (#​61761)
  The GoogleTest submodule has been updated to a newer commit, providing the latest testing features, bug fixes, and performance improvements for the project's C++ test components.

Miscellaneous

• Update branding to 8.0.17 (#​61830)
  The project version branding has been updated to reflect the new 8.0.17 release, ensuring consistency across build outputs and documentation.

• Merging internal commits for release/8.0 (#​61924)
  This change merges various internal commits into the release/8.0 branch, incorporating minor fixes, documentation updates, and other non-user-facing improvements to keep the release branch up to date.

---

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: dotnet/aspnetcore@v8.0.16...v8.0.17

v8.0.16: .NET 8.0.16

Release

What's Changed

• Update branding to 8.0.16 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/61283
• [release/8.0] (deps): Bump src/submodules/googletest from 24a9e94 to 52204f7 by @​dependabot in https://github.com/dotnet/aspnetcore/pull/61260
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/61281
• [release/8.0] Upgrade to Ubuntu 22 by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/61216
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/60901
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/60926
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/61404
• Merging internal commits for release/8.0 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/61398
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/61411
• Revert "Revert "[release/8.0] Update remnants of azureedge.net"" by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/60352
• [release/8.0] Fix preserving messages for stateful reconnect with backplane by @​BrennanConroy in https://github.com/dotnet/aspnetcore/pull/61375
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/61442
• fetch TLS client hello message from HTTP.SYS by @​BrennanConroy in https://github.com/dotnet/aspnetcore/pull/61494

Full Changelog: dotnet/aspnetcore@v8.0.15...v8.0.16

v8.0.15: .NET 8.0.15

Release

What's Changed

• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/60355
• Update branding to 8.0.15 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/60784
• Add partitioned to cookie for SignalR browser testing by @​BrennanConroy in https://github.com/dotnet/aspnetcore/pull/60728
• [release/8.0] (deps): Bump src/submodules/googletest from e235eb3 to 24a9e94 by @​dependabot in https://github.com/dotnet/aspnetcore/pull/60677
• Merging internal commits for release/8.0 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/60879

Full Changelog: dotnet/aspnetcore@v8.0.14...v8.0.15

v8.0.14: .NET 8.0.14

Release

What's Changed

• Update branding to 8.0.14 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/60197
• [release/8.0] (deps): Bump src/submodules/googletest from 7d76a23 to e235eb3 by @​dependabot in https://github.com/dotnet/aspnetcore/pull/60150
• [release/8.0] Fix java discovery in IdentityModel pipeline by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/60075
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/60199
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/59922
• [release/8.0] Readd DiagnosticSource to KestrelServerImpl by @​github-actions in https://github.com/dotnet/aspnetcore/pull/60203
• [release/8.0] Update to MacOS 15 in Helix by @​github-actions in https://github.com/dotnet/aspnetcore/pull/60239
• [release/8.0] Use the latest available JDK by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/60233
• [release/8.0] Fix skip condition for java tests by @​github-actions in https://github.com/dotnet/aspnetcore/pull/60243
• [release/8.0] Update list of helix queues to skip by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/60231
• [release/8.0] [Blazor] Allow cascading value subscribers to get added and removed during change notification by @​github-actions in https://github.com/dotnet/aspnetcore/pull/57288
• [release/8.0] Update remnants of azureedge.net by @​sebastienros in https://github.com/dotnet/aspnetcore/pull/60264
• [release/8.0] Centralize on one docker container by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/60299
• Revert "[release/8.0] Update remnants of azureedge.net" by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/60324
• Merging internal commits for release/8.0 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/60316

Full Changelog: dotnet/aspnetcore@v8.0.13...v8.0.14

v8.0.13: .NET 8.0.13

Release

What's Changed

• [release/8.0] Update dotnetbuilds CDN to new endpoint by @​mmitche in https://github.com/dotnet/aspnetcore/pull/59575
• Update branding to 8.0.13 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/59756
• [release/8.0] Skip MVC template tests on HelixQueueArmDebian12 by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/59295
• [release/8.0] Update OSX helix queue by @​github-actions in https://github.com/dotnet/aspnetcore/pull/59742
• [release/8.0] (deps): Bump src/submodules/googletest from d144031 to 7d76a23 by @​dependabot in https://github.com/dotnet/aspnetcore/pull/59678
• [release/8.0] Skip tests on internal queues too by @​github-actions in https://github.com/dotnet/aspnetcore/pull/59579
• [release/8.0] Fix Kestrel host header mismatch handling when port in Url by @​BrennanConroy in https://github.com/dotnet/aspnetcore/pull/59403
• Migrate off of Debian 11 by @​v-firzha in https://github.com/dotnet/aspnetcore/pull/59584
• [release/8.0] Pin to S.T.J 8.0.5 in Analyzers by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/59777
• [release/8.0] [Blazor WASM standalone] Avoid caching index.html during development by @​github-actions in https://github.com/dotnet/aspnetcore/pull/59349
• Update to Fedora 41 by @​BrennanConroy in https://github.com/dotnet/aspnetcore/pull/59817
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/59811
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/59825
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/59864
• [release/8.0] Fix/update docker tags by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/59867
• Merging internal commits for release/8.0 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/59872

Full Changelog: dotnet/aspnetcore@v8.0.12...v8.0.13

v8.0.12: .NET 8.0.12

Release

What's Changed

• Update branding to 8.0.12 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/58800
• [release/8.0] (deps): Bump src/submodules/googletest from 6dae7eb to 1204d63 by @​dependabot in https://github.com/dotnet/aspnetcore/pull/58741
• Add scope for internal npm packages by @​BrennanConroy in https://github.com/dotnet/aspnetcore/pull/58512
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/58477
• [release/8.0] Upgrade serialize-javascript transient dependency by @​MackinnonBuck in https://github.com/dotnet/aspnetcore/pull/58466
• [release/8.0] Update Messagepack dependency by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/58676
• Merging internal commits for release/8.0 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/58898
• [release/8.0] Use MacOS-13 in CI by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/58549
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/59065
• [release/8.0] Fix java discovery in helix-matrix by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/59181
• [release/8.0] Update dependencies from dotnet/roslyn by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/59184
• [release/8.0] (deps): Bump src/submodules/googletest from 1204d63 to d144031 by @​dependabot in https://github.com/dotnet/aspnetcore/pull/59033

Full Changelog: dotnet/aspnetcore@v8.0.11...v8.0.12

v8.0.11: .NET 8.0.11

Release

What's Changed

• Update branding to 8.0.11 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/58198
• [release/8.0] (deps): Bump src/submodules/googletest from ff233bd to 6dae7eb by @​dependabot in https://github.com/dotnet/aspnetcore/pull/58180
• [release/8.0] Add explicit conversion for value-type returning handlers with filters by @​captainsafia in https://github.com/dotnet/aspnetcore/pull/57966
• [release/8.0] Stop using Mac 11 in Helix by @​wtgodbe in https://github.com/dotnet/aspnetcore/pull/58063
• [release/8.0] Enable TSA/Policheck by @​github-actions in https://github.com/dotnet/aspnetcore/pull/58124
• [release/8.0] (deps): Bump src/submodules/MessagePack-CSharp from ecc4e18 to 9511905 by @​dependabot in https://github.com/dotnet/aspnetcore/pull/58179
• [Backport] Http.Sys: Clean up Request parsing errors by @​BrennanConroy in https://github.com/dotnet/aspnetcore/pull/57819
• [release/8.0] Update the Microsoft.Identity.Web versions used by project templates by @​halter73 in https://github.com/dotnet/aspnetcore/pull/58229
• Add registry search for upgrade policy keys, update dependencies from Arcade by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/58278
• Merging internal commits for release/8.0 by @​vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/58300
• [release/8.0] Remove ProviderKey from Hosting Bundle by @​github-actions in https://github.com/dotnet/aspnetcore/pull/58294
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/58352
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/58347
• [release/8.0] Improve dev-certs export error message by @​amcasey in https://github.com/dotnet/aspnetcore/pull/58470
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro in https://github.com/dotnet/aspnetcore/pull/58474

Full Changelog: dotnet/aspnetcore@v8.0.10...v8.0.11

v8.0.10: .NET 8.0.10

Release

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.Protocols.OpenIdConnect)

v8.13.1

Compare Source

====

Dependencies

Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0

Bug Fixes

• Fixed a decompression failure happening for large JWE payloads. See #​3286 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

• Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See #​3284 for details.

v8.13.0

Compare Source

====

Fundamentals

• CaseSensitiveClaimsIdentity.SecurityToken setter is now protected internal (was internal). See PR #​3278 for details.
• Update .NET SDK version to 9.0.108 used when building or running the code. See PR #​3274 for details.
• Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See #​3280 for details.

v8.12.1

Compare Source

====

Fundamentals

• Update .NET SDK version to 9.0.107 used when building or running the code. See #​3385 for details.
• To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR #​3261 for details.
• Experimental code leaked into TokenValidationResult from early prototypes. See PR #​3259 for details.

v8.12.0

Compare Source

====

New Features

• Enhance ConfigurationManager with event handling
  Added event handling capabilities to the ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #​3253

Bug Fixes

• Add expected Base64UrlEncoder.Decode overload for NET6 and 8
  Introduced the expected overload of Base64UrlEncoder.Decode for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.
  For details see #​3249

Fundamentals

• Add AI assist rules
  Incorporated AI assist rules to enhance AI agents effectiveness.
  For details see #​3255
• Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0
  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
  For details see #​3256
• Move suppression of RS006 to csproj
  Centralized suppression of RS006 warnings in project files for easier management.
  For details see #​3230

v8.11.0

Compare Source

=====

New Features:

• Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue #​3245 for details.
• Added a new public async API: JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from either TokenValidationParameters or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #​3243 for details.

v8.10.0

Compare Source

=====

Bug Fixes

• Corrected casing of the Type attribute in SubjectConfirmationData. See #​3206.
• Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See #​3220 to avoid build warnings with the other target frameworks
• Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See #​3226.

Fundamentals

• Introduced Long-Term Support (LTS) policy. See #​3228 and #​3232.

v8.9.0

Compare Source

=====

Bug Fixes

• syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See #​3213.
• Fixed a null reference issue in KeyInfo. See (#​3203)[https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203](https://redirect.github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203)3].

New Features

• Introduced a new delegate for reading custom token payload values on JsonWebToken. See #​2981.
• Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See #​3205.

Fundamentals

• Utilized IList to avoid enumerator allocation during audience validation. See #​3204.

v8.8.0

Compare Source

=====

New Features

• Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR #​3193 for details.
• Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the Switch.Microsoft.IdentityModel.DoNotScrubExceptions AppContextSwitch. See PR #​3195 and https://aka.ms/identitymodel/app-context-switches for details.
• Change all plain object locks to System.Thread.Lock objects for .NET 9 or greater. See PRs #​3185 and #​3189 for details.

v8.7.0

Compare Source

=====

Bug Fixes

• Add back internal methods IsRecoverableException and IsRecoverableExceptionType whose signatures were changed in the previous version. See #​3181.

New Features

• Make Cnf class public and move it to Microsoft.IdentityModel.Tokens package. See #​3165.

v8.6.1

Compare Source

=====

Bug fix

• Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue #​3148 for details.
• Fix a bug in JsonWebTokenHandler where JwtTokenDecryptionParameters's Alg and Enc were not set during token decryption, causing IDX10611 and IDX10619 errors to show null values in the messages. See issue #​3003 for details.

Fundamentals

• For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue #​2995 for details.

v8.6.0

Compare Source

=====

New Features

• TokenValidationParameters has a new boolean property TryAllDecryptionKeys that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to true (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See #​3128
• Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See #​3140

Fundamentals

• Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See 3143
• Add more tests for encrypted tokens. See #​3139

v8.5.0

Compare Source

=====

Reverting previous breaking change

• The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that adding IDisposable is a breaking change, so we are following semver guidance and reverting and releasing a minor version (8.5.0).
• Cherry-picked Changes: Included changes from PR #​3022 and #​3104.

v8.4.0

Compare Source

=====

New Features

• App context switch allows blocking or non-blocking calls for configuration. See PR #​3106 for details and issue #​3082 for details.
• IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See #​3094 for details.
• IdentityModel now allows specifying the HTTP protocol version and version policy. See #​2808 for details.

Repair items

• Add request count and duration telemetry for configuration requests. See #​3022 for details.
• KeyID should be present in exception messages and is no longer PII. See #​3104 for details.

Fundamentals

• Fix spelling issues in xml comments. See #​3117 for details.
• Fix comment coverage in PR builds. See #​3079 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

• See #​3056. #​3100, #​3017, and #​3111.
• Add internal virtual on TokenHandler. See #​3084 for details.

v8.3.1

Compare Source

=====

Bug Fixes

• Respect TVP.RequireAudience when set to false. See [#​3055](https://redirect.github.com/AzureAD/azure-activedirectory-identitymodel-ext

---

Configuration

📅 Schedule: Branch creation - "before 07:00 on Thursday" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.